I am all for oAuth replacing basic, but one of the remaining issues is
consumer keys. With 1.0 signing is required thus requiring
distributing keys with your application. We all know this is pretty unsafe
since any hacker could yank them out.
oAuth 2.0 does seem to solve a lot of the issues involving desktop
applications, but is still being drafted. So maybe holding off
basic auth depreciation until then might not be ideal, but I think it would
help make porting to oAuth a bit easier.
Just curious how soon can we expect 2.0 to be rolling out and if Twitter has
considered at all extending basic auth's lifetime.



Reply via email to